parent
282e99c2a7
commit
16100cf94c
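--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-file1
@@ -0,0 +1,63 @@
+# Configuration rsyslog pour utiliser avec un Splunk Forwarder a copier dans /etc/rsyslog.d
+
+#--------------------------Modules-----------------------------
+
+$ModLoad imudp
+$ModLoad imtcp
+
+#--------------------------Protocoles--------------------------
+
+$UDPServerRun 514
+$UDPServerRun 5140
+$InputTCPServerRun 514
+
+#--------------------------Folder------------------------------
+
+$DirCreateMode 0755
+$FileCreateMode 0640
+$DirOwner splunk
+$DirGroup splunk
+$FileOwner splunk
+$FileGroup splunk
+
+$RuleSet RSYSLOG_DefaultRuleSet
+
+#--------------------------Templates---------------------------
+
+#Template Cisco
+#$template ciscoasa,"/var/rsyslog/%$myhostname%/ciscoasa/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Fortigate
+$template fortigate,"/var/rsyslog/%$myhostname%/fortigate/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Esxi
+$template esxi,"/var/rsyslog/%$myhostname%/esxi/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Linux
+$template linux,"/var/rsyslog/%$myhostname%/linux/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Switch
+#$template switch,"/var/rsyslog/%$myhostname%/switch/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+# Catch All
+$template catchother,"/var/rsyslog/%$myhostname%/catchother/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#-------------------------Filtres------------------------------
+
+if $msg contains_i ' devid="FG' then -?fortigate
+& stop
+
+if $hostname contains_i 'srvesx' then -?esxi
+& stop
+
+if $hostname contains_i 'svl' then -?linux
+& stop
+
+#if $hostname contains 'SWI' then -?switch
+#& stop
+
+#if $syslogtag contains '%ASA' then -?ciscoasa
+#& stop
+
+if $fromhost != $$myhostname then -?catchother
+& stop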
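Review bot: The four active `$template` dynafile paths (fortigate, esxi, linux, catchother) embed `%HOSTNAME%`, which rsyslog parses from the received message itself, so one component of the destination path under `/var/rsyslog/` is chosen by whatever sends to these listeners; the `secpath-replace` property option, written as `%HOSTNAME:::secpath-replace%` in each template, keeps `/` and `..` out of that component and pins the files to the intended tree. `$UDPServerRun 514`, `$UDPServerRun 5140` and `$InputTCPServerRun 514` open the listeners on all interfaces to any source; `$AllowedSender UDP, DEVICE-RANGE-CIDR` and `$AllowedSender TCP, DEVICE-RANGE-CIDR` entries (with the real device networks substituted), or an equivalent host-firewall rule, would limit them to the known senders. All of these are legacy `$`-directives; current rsyslog prefers RainerScript (`module(load="imudp")`, `input(type="imudp" port="514")`), which also lets each port bind its own ruleset instead of everything sharing `RSYSLOG_DefaultRuleSet`. Separately, `contains_i 'svl'` in the linux filter matches any hostname containing that substring, which may well be intended but deserves a comment such as `# Linux hosts are named svl*` above it.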
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
- name: "Deploy Conf Rsyslog for Splunk UF/HF Linux"
|
||||||
|
become: yes
|
||||||
|
hosts: splunk_uf_Linux
|
||||||
|
tasks:
|
||||||
|
- name: Deploy_Uf_LIN
|
||||||
|
include_tasks: roles/splunk_deploy_uf/tasks/Deploy_Confrsyslog-to-hf-uf.yml
|
||||||
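Review bot: `become: yes` on the play uses a YAML 1.1 truthy word; Ansible accepts it but yamllint flags it and other parsers differ, so write `become: true` (the same applies to `become: yes` in the task file of the third section). `include_tasks: roles/splunk_deploy_uf/tasks/Deploy_Confrsyslog-to-hf-uf.yml` reaches into a role's task directory by relative path, which ties the play to the role's internal layout and does not load the role's defaults or handlers; `import_role` with `name: splunk_deploy_uf` and `tasks_from: Deploy_Confrsyslog-to-hf-uf` does the same job through the supported interface. The hosts pattern `splunk_uf_Linux` mixes cases with the snake_case used elsewhere and is worth normalising if the inventory allows. The rendered view has dropped leading whitespace, so the nesting of these keys under the play item could not be verified here.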
@ -0,0 +1,8 @@
|
|||||||
|
- name: Copier la configuration Rsyslog
|
||||||
|
become: yes
|
||||||
|
become_user: "{{ privileged_user }}"
|
||||||
|
copy:
|
||||||
|
src: "{{ playbook_dir }}/Config_Rsyslog/01-Splunk_Forwarder.conf"
|
||||||
|
dest: /etc/rsyslog.d/
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
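Review bot: The `copy:` task sets `owner: root` and `group: root` but no `mode:`, so the permissions of the resulting `/etc/rsyslog.d/01-Splunk_Forwarder.conf` follow the source file on the control node (or the remote umask) rather than being pinned; add `mode: "0644"` under `copy:`, quoted so YAML does not read it as the octal integer 420. Nothing in the hunk restarts or reloads rsyslog after the copy, so unless a handler outside this file does it the new 514/5140 listeners only come up on the next service restart; a `notify` to a handler that restarts the rsyslog service would close that gap, and copy's `validate: 'rsyslogd -N1 -f %s'` would give an early syntax check before the file lands. `become_user: "{{ privileged_user }}"` must resolve to an account that can write into `/etc/rsyslog.d/` and chown to root, which in practice means root itself — presumably intended, but confirm how `privileged_user` is set. The rendered view has dropped leading whitespace, so the nesting of the `copy:` arguments could not be verified here.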